Windows System Engineer

Does WIndows 2003 support an encryption key for a hardware time clock.
We have a hardware clock that requires a key to connect, I would lke to set some of my Active Directory controllers to sync to this device and be an NTP server for the clients in the domain, then verify that it is working as expected.

Who is Participating?

I have never seen anything like this. You may want to check with the manufacturer to see if they have an app to connect to those clocks. It could be as simple as a key exchange program and then the NTP request goes through. MS actually uses SNTP or Simple network time protocol so it is limited to these registry settings and configurations:

Hope this helps

Windows Time service registry entries

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\:

Registry Entry MaxPosPhaseCorrection
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Notes This entry specifies the largest positive time correction in seconds that the service makes. If the service determines that a change that is larger than this is required, the service logs an event. (0xFFFFFFFF is a special case that means always make a time correction.) The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 or 15 hours.

Registry Entry MaxNegPhaseCorrection
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Notes This entry specifies the largest negative time correction in seconds that the service makes. If the service determines that a change that is larger than this is required, the service logs an event instead. (-1 is a special case that means always make a time correction.) The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 or 15 hours.

Registry Entry MaxPollInterval
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Note This entry specifies the largest interval, in log seconds, that is allowed for the system polling interval. While a system must poll according to the scheduled interval, a provider can refuse to produce samples when requested. The default value for domain members is 10. The default value for stand-alone clients and servers is 15.

Registry Entry SpecialPollInterval
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Note This entry specifies the special poll interval in seconds for manual peers. When the SpecialInterval 0x1 flag is enabled, W32Time uses this poll interval instead of a poll interval that is determined by the operating system. The default value on domain members is 3,600. The default value on stand-alone clients and servers is 604,800.

Registry Entry MaxAllowedPhaseOffset
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Note This entry specifies the maximum offset, in seconds, for which W32Time tries to adjust the computer clock by using the clock rate. When the offset is greater than this rate, W32Time sets the computer clock directly. The default value for domain members is 300. The default value for stand-alone clients and servers is 1.